General provisions
The policy of personal data processing in (hereinafter - the Policy) defines the basic principles, goals, conditions and methods of processing personal data, lists of subjects and personal data processed by I-Novus LLC, functions of I-Novus LLC in processing personal data, rights subjects of personal data, as well as the requirements for personal data protection implemented in I-Novus LLC.
The policy was developed taking into account the requirements of the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation in the field of personal data.
The provisions of the Policy serve as the basis for the development of local regulations governing I-Novus LLC regarding the processing of personal data of I-Novus LLC employees and other personal data subjects.
Legislative and other regulatory legal acts of the Russian Federation, in accordance with which the Policy of personal data processing in I-Novus LLC is determined
The policy of processing personal data in I-Novus LLC is determined in accordance with the following regulatory legal acts:
In order to implement the provisions of the Policy, I-Novus LLC develops relevant local regulatory acts and other documents, including:
The basic terms and definitions used in the local regulatory acts of I-Novus LLCgoverning the processing of personal data.
Personal data - any information relating directly or indirectly to a specific or designated individual (subject of personal data).
Information - information (messages, data) regardless of the form of their presentation.
Operator - a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data.
Personal data processing - any action (operation) or set of actions (operations) performed with the use of automation tools or without using such tools with personal data, including the collection, recording, systematization, accumulation, storage, refinement (update, change), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data - processing of personal data using computer technology.
Provision of personal data - actions aimed at disclosing personal data to a specific person or a certain circle of persons.
Dissemination of personal data - actions aimed at disclosing personal data to an indefinite circle of persons.
Cross-border transfer of personal data - the transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
Blocking of personal data - a temporary cessation of the processing of personal data (except in cases where the processing is necessary to clarify personal data).
The destruction of personal data is an action, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the material carriers of personal data are destroyed.
Anonymization of personal data is an action in which it becomes impossible without the use of additional information to determine the identity of personal data to a specific subject of personal data.
Personal data information system - a set of personal data contained in databases and information technologies and technical means ensuring their processing.
Principles and objectives for the processing of personal data
I-Novus LLC, being an operator of personal data, processes personal data of employees of I-Novus LLC and other personal data subjects who are not in employment relationships with Ai-Novus LLC.
The processing of personal data in I-Novus LLC is carried out taking into account the need to protect the rights and freedoms of employees of I-Novus LLC and other personal data subjects, including the protection of the right to privacy, personal and family secrets, based on the following principles:
Personal data is processed in I-Novus LLC in order to:
The list of subjects whose personal data are processed in I-Novus LLC.
I-Novus LLC processes personal data of the following categories of subjects:
The list of personal data processed by I-Novus LLC.
The list of personal data processed by I-Novus LLC is determined in accordance with the legislation of the Russian Federation and local regulations of I-Novus LLC, taking into account the purposes of processing personal data specified in section 4 of the Policy.
The processing of special categories of personal data relating to race, nationality, political views, religious or philosophical convictions, intimate life, is not carried out in I-Novus LLC.
Information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established (biometric personal data) and which are used by an employer to identify an employee, can be processed only with the consent in writing.
Functions of Ay-Novus LLC in the processing of personal data
I-Novus LLC in the processing of personal data:
Conditions for processing personal data in I-Novus LLC
The processing of personal data in I-Novus LLC is carried out with the consent of the subject of personal data to the processing of his personal data, unless otherwise provided by the legislation of the Russian Federation in the field of personal data.
I-Novus LLC without the consent of the subject of personal data does not disclose to third parties and does not distribute personal data, unless otherwise provided by federal law.
I-Novus LLC has the right to entrust the processing of personal data to another person with the consent of the subject of personal data on the basis of a contract concluded with this person. The contract should contain a list of actions (operations) with personal data that will be performed by the person performing personal data processing, processing purposes, the obligation of such person to maintain the confidentiality of personal data and ensure the security of personal data during their processing, as well as the requirements for the protection of personal data being processed accordance with Article 19 of the Federal Law «On Personal Data»;.
For the purpose of internal information support, I-Novus LLC may create internal reference materials which, with the written consent of the subject of personal data, unless otherwise provided by the legislation of the Russian Federation, may include his last name, first name, patronymic, place of work, position, subscriber number , e-mail address, other personal data communicated by the subject of personal data.
Access to personal data processed by I-Novus LLC is allowed only to I-Novus LLC employees holding positions included in the list of I-Novus LLC posts, for which they process personal data.
The list of actions with personal data and methods for their processing
I-Novus LLC collects, records, systematizes, accumulates, stores, refines (updates, changes), retrieves, uses, transfers (distributes, provides, accesses), depersonalizes, blocks, deletes and destroys personal data.
The processing of personal data in I-Novus LLC is carried out in the following ways:
Rights of personal data subjects
The personal data subjects are entitled to:
Measures taken by I-Novus LLC to ensure the performance of operator duties in the processing of personal data.
Measures that are necessary and sufficient to ensure the fulfillment of I-Novus LLC by the operator’s obligations under the legislation of the Russian Federation in the field of personal data include:
Measures to ensure the security of personal data when they are processed in personal data information systems are established in accordance with the local regulations of I-Novus LLC governing the security of personal data when they are processed in the personal data information systems of I-Novus LLC.
Monitoring compliance with the laws of the Russian Federation and local regulations of I-Novus LLC in the field of personal data, including requirements for the protection of personal data.
12.1. Monitoring of the observance by the structural subdivisions of I-Novus LLC of the legislation of the Russian Federation and the local regulations of I-Novus LLC in the field of personal data, including requirements for the protection of personal data, is carried out in order to verify the compliance of the processing of personal data in the structural units of I-Novus LLC, the legislation of the Russian Federation and local regulations of I-Novus LLC in the field of personal data, including requirements for the protection of personal data, as well as yatyh measures aimed at preventing and detecting violations of Russian legislation in the field of personal data, detection of possible leakage channels and unauthorized access to personal data, the consequences of such violations.
12.2. Internal control over the observance by the structural subdivisions of I-Novus LLC of the legislation of the Russian Federation and local regulations of I-Novus LLC in the field of personal data, including requirements for the protection of personal data, is carried out by the person responsible for organizing the processing of personal data in I-Novus LLC.
12.3. Internal control over the compliance of personal data processing with the Federal Law «On Personal Data» and the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, this Policy, local regulatory acts of I-Novus LLC are exercised by the Personnel Management Apparatus of I-Novus LLC.
12.4. Personal responsibility for compliance with the requirements of the legislation of the Russian Federation and local regulations of I-Novus LLC in the field of personal data in I-Novus LLC, as well as for ensuring the confidentiality and security of personal data in I-Novus LLC, rests with the General Director .